<!--#include file="Config.asp" -->
<!--#include file="HeadTop.asp"-->
<%
Dim Title1
Title1="百家姓V2.1"		'网页名称

'页面执行时间
Dim startime
startime=timer()

'获取浏览器Name,Id
Title=Request("Title")
Id=Request("Id")

'防SQL注入
squery=lcase(Request.ServerVariables("QUERY_STRING"))
sURL=lcase(Request.ServerVariables("HTTP_HOST"))
allquery=squery+sURL
If InStr(allquery,"%20")<>0 or InStr(allquery,"%27")<>0 or InStr(allquery,"'")<>0 or InStr(allquery,"%a1a1")<>0 or InStr(allquery,"%24")<>0 or InStr(allquery,"$")<>0 or InStr(allquery,"%3b")<>0 or InStr(allquery,"%%")<>0 or InStr(allquery,"%3c")<>0 or InStr(allquery,"<")<>0 or InStr(allquery,">")<>0 or InStr(allquery,"--")<>0 or InStr(allquery,"sp_")<>0 or InStr(allquery,"xp_")<>0 or InStr(allquery,"exec")<>0 or InStr(allquery,"\")<>0 or InStr(allquery,"delete")<>0 or InStr(allquery,"dir")<>0 or InStr(allquery,"exe")<>0 or InStr(allquery,"select")<>0 or InStr(allquery,"Update")<>0 or InStr(allquery,"cmd")<>0 or InStr(allquery,"*")<>0 or InStr(allquery,"^")<>0 or InStr(allquery,"(")<>0 or InStr(allquery,")")<>0 or InStr(allquery,"+")<>0 or InStr(allquery,"copy")<>0 or InStr(allquery,"format")<>0 then
	Response.redirect"/"
	Response.End
End If

If Id<>"" Then
	Set mRs=server.createobject("adodb.recordset")
	Sql="update AnySurnames set Hit=Hit+1 where Id="&Id
	mRs.open sql,conn,1,3
	Sql="Select * from AnySurnames where Id="&Id
	mRs.open sql,conn,1,1

	Name=mRs("Title")
	Info=mRs("Info")
End If
%>

<script language="JavaScript" type="text/javascript">
function doZoom(size){
	document.getElementById('textbody').style.fontSize=size+'px'
}
</script>

<table class="table table-condensed">
	<tr>
		<td >
		<table border="0" cellpadding="0" style="border-collapse: collapse" width="100%">
			<form method="POST" action="?">
			<tr>
				<td style="padding-left:10px;">当前位置：&nbsp;Surnames中国百家姓</td>
				<td width="50" style="padding-top:3px;">姓氏：</td>
				<td width="180"><input type="text" name="Title" size="23" style="border:1px black solid" value="<% =Title %>"></td>
				<td width="60"><input type="submit" value="搜 索" style="border:1px black solid"></td>
			</tr>
			</form>
		</table>
		</td>
	</tr>
	<tr>
		<td style="padding:3px;" bgcolor="#FFFFFF" valign="top">
		<% If Id="" Then %>
		<table class="table table-condensed table-striped table-bordered">

			<tr>
				<%
				count=500'显示记录条数
				If Title="" Then Sql="Select * from [AnySurnames] order by Hit,Title desc"
				If Title<>"" Then Sql="Select * from [AnySurnames] where Title='"& Title &"'"
				Set mRs=Server.CreateObject("adodb.recordSet")
				mRs.open Sql,conn,1,1
				If mRs.bof and mRs.eof then
					Response.Write"您查询的『&nbsp;<font color=""red"">"& Title &"</font>&nbsp;』暂时没有相关姓氏数据！"
				End If
				dim i
					i=1
				do while not mRs.eof and count>0
				count=count-1
				%>
				<td class='text-center'><strong><a href="?Id=<%=mRs("Id")%>"><% =mRs("Title") %></a></strong></td>
				<%
				if i mod 10=0 then Response.Write"</tr><tr>"
				i=i+1
				mRs.movenext
				loop
				mRs.close
				Set mRs=Nothing
				%>
			</tr>
		</table>
		<%
		Else
		%>
		<table class="table table-condensed">
			<tr>
				<td ><h3><% =Name %></h3></td>
			</tr>
			<tr>
				<td style="padding-right:3px;" align="right">浏览：<font color="#FF0000"><% =mRs("Hit") %></font>&nbsp;
				【&nbsp;<a href="javascript:doZoom(16)"><font color="#FF0000">大</font></a>
				<a href="javascript:doZoom(14)"><font color="#FF0000">中</font></a>
				<a href="javascript:doZoom(12)"><font color="#FF0000">小</font></a>&nbsp;】
				【&nbsp;<a href="javascript:" onclick="window.print();return false;" title="打印正文"><font color="#FF0000">打印</font></a>&nbsp;】
				【&nbsp;<a style="cursor:hand;" href="javascript:window.close()"><font color="#FF0000">关闭</font></a>&nbsp;】
				</td>
			</tr>
			<tr>
				<td id="textbody">
				<% =Replace(Info,chr(10),"<br>") %></td>
			</tr>
		</table>
		<% End If %>
		</td>
	</tr>
</table>
<!-- #include file="foot.asp" -->
